Consider how people react to a request to change their online password. Here’s how people answered when we asked: If a social media site or online company with whom you have an account requests that you change your password, which of the following would you most likely do?
- Always change my password: 31%
- Sometimes change my password: 19%
- Ignore the request: 18%
- Contact company to see if request is genuine: 32%
This finding provides a fresh way of looking at the cost of distrust. If a security breach creates a need to request 3 million users to reset their online passwords, you could be looking at 1 million unbudgeted customer service contacts. If you can keep average cost per contact as low as $1 that is still a $1 million bill.
Switching to a user perspective on passwords, I think many of us share the feeling that password changing is burdensome. That burden can mean passwords are not changed as often as they should be to properly protect accounts.
Nevertheless, our survey revealed that some people are making an effort. We asked "How frequently do you change the password for the online account you use most often?" Here's a breakdown of the responses:
- About once a year: 46%
- About once every 6 months: 31%
- At least once a month: 8%
- Never: 16%
The need to create and manage more and more passwords is one of the distinct downsides to living your life online. When it comes to password creation we all have our own strategies but in the survey we tried to get a sense of the elements people were using. We asked: "Which of the following do you use when creating a password for an online account?"
- Something unique and random: 39%
- Familiar name (e.g. of person, pet, or place): 21%
- Name of a location: 6%
- Sports team: 5%
- Something else: 37%
- Decline to answer: 19%